Introduction

The following discusses aspects of source code relating to weak authentication functionality. Weaknesses here can stem from a flawed implementation or from broken business logic.
Authentication is a key line of defence in protecting non-public data and sensitive functionality, so the code that implements it deserves close review.

Weak Passwords and password functionality

Password strength should be enforced when a user sets or selects a password. Passwords should be sufficiently long and complex in composition, and should be rejected if they appear in a list of common or previously breached passwords.
Such checks must be performed on the backend/server side of the application when a new password is submitted. A client-side check is only a usability aid: it can be bypassed trivially by sending the request directly, so its absence on the server is a finding.
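The following is an added example of a server-side password policy check; it is not code from the original page. The handler name handle_set_password, the breached-password deny-list and the user table are constructed for illustration (a real deployment would consult a breach database such as HIBP via its k-anonymity API and use a dedicated password hash like argon2 or bcrypt). The point it shows is that the policy runs on the submitted value before anything is stored, regardless of what the client did.

```python
import hashlib
import os
import re

# Constructed deny-list standing in for a breached/common-password corpus.
# Kept as SHA-1 digests so the plaintext list never sits in the source tree.
_BREACHED_SHA1 = {
    hashlib.sha1(p.encode()).hexdigest()
    for p in ("password", "Password1!", "letmein", "qwerty123", "Summer2024!")
}

MIN_LENGTH = 12
MAX_LENGTH = 128          # an upper bound prevents DoS via huge inputs to a slow hash
PBKDF2_ITERATIONS = 200_000

# Constructed in-memory user store: username -> (salt, derived key)
_USERS: dict[str, tuple[bytes, bytes]] = {}


def password_policy_errors(password: str, username: str = "") -> list[str]:
    """Return every policy violation for a candidate password.

    An empty list means the password is acceptable. Returning all violations
    at once lets the client show them together, but the server re-runs this
    on every submission and never trusts a client-side result.
    """
    errors: list[str] = []
    if len(password) < MIN_LENGTH:
        errors.append(f"must be at least {MIN_LENGTH} characters")
    if len(password) > MAX_LENGTH:
        errors.append(f"must be at most {MAX_LENGTH} characters")

    # Composition: require at least three of four character classes.
    classes = [
        re.search(r"[a-z]", password),
        re.search(r"[A-Z]", password),
        re.search(r"[0-9]", password),
        re.search(r"[^A-Za-z0-9]", password),
    ]
    if sum(1 for c in classes if c) < 3:
        errors.append("must use at least three of: lower, upper, digit, symbol")

    # Reject passwords that embed the account name.
    if username and username.lower() in password.lower():
        errors.append("must not contain the username")

    # Reject known-breached / common passwords.
    if hashlib.sha1(password.encode()).hexdigest() in _BREACHED_SHA1:
        errors.append("appears in a breached-password list")
    return errors


def _derive(password: str, salt: bytes) -> bytes:
    """Slow, salted derivation; stands in for argon2/bcrypt in this example."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)


def handle_set_password(form: dict, current_user: str) -> tuple[int, dict]:
    """Hypothetical server-side handler for a 'set new password' request.

    Validates the submitted value *before* anything is written, so a client
    that skipped its own checks gets a 400 instead of a weak password stored.
    """
    password = form.get("new_password", "")
    errors = password_policy_errors(password, current_user)
    if errors:
        return 400, {"ok": False, "errors": errors}

    salt = os.urandom(16)
    _USERS[current_user] = (salt, _derive(password, salt))
    return 200, {"ok": True}


def verify_password(username: str, password: str) -> bool:
    """Check a login attempt against the stored derived key."""
    record = _USERS.get(username)
    if record is None:
        return False
    salt, stored = record
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt,
                               PBKDF2_ITERATIONS) == stored
```

When reviewing a codebase, look for the equivalent of password_policy_errors being called from the request handler that persists the password, not only from JavaScript or a form validator on the client.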

Bad/weak error handling can reveal the internal workings of the authentication functionality. Verbose errors may expose the database structure (for example a raw SQL or ORM exception returned to the client), and different responses for an unknown user versus a wrong password let an attacker distinguish valid from invalid user IDs (user enumeration). The difference need not be in the message text: an early return that skips the password hash for unknown users gives the same information through response time. Failure responses should be uniform in content and in the work performed, with the detail logged server-side only.
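The following is an added example, not code from the original page, showing a leaky login beside a hardened one and a small probe an attacker could run against each. The user table, the function names login_leaky, login_hardened and enumerate_users, and the probe password are constructed for illustration.

```python
import hashlib
import hmac
import logging
import os
import secrets

ITERATIONS = 100_000
GENERIC = "Invalid username or password"


def _derive(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def _record(password: str) -> tuple[bytes, bytes]:
    salt = os.urandom(16)
    return salt, _derive(password, salt)


# Constructed user store: only "alice" exists.
_USERS = {"alice": _record("correct horse battery staple")}

# Dummy credential used for unknown usernames so the same hashing work is done
# on both paths; the random secret guarantees it can never match a real login.
_DUMMY_SALT, _DUMMY_HASH = _record(secrets.token_hex(16))


def login_leaky(username: str, password: str) -> tuple[bool, str]:
    """Vulnerable pattern: distinct messages and an early return for unknown
    users, and any backend exception is echoed straight to the client."""
    try:
        record = _USERS.get(username)
        if record is None:
            return False, "User not found"          # confirms the ID does not exist
        salt, stored = record
        if _derive(password, salt) != stored:
            return False, "Incorrect password"      # confirms the ID does exist
        return True, "OK"
    except Exception as exc:                        # leaks internals (e.g. SQL errors)
        return False, f"Error: {exc!r}"


def login_hardened(username: str, password: str) -> tuple[bool, str]:
    """Same message, same hashing work and constant-time comparison on every
    failure path; exceptions are logged with a reference, never returned."""
    try:
        salt, stored = _USERS.get(username, (_DUMMY_SALT, _DUMMY_HASH))
        ok = hmac.compare_digest(_derive(password, salt), stored)
        ok = ok and username in _USERS
        return ok, ("OK" if ok else GENERIC)
    except Exception:
        ref = secrets.token_hex(4)
        logging.exception("login failure ref=%s user=%r", ref, username)
        return False, GENERIC


def enumerate_users(login_fn, candidates: list[str], probe: str = "x") -> set[str]:
    """Attacker's view: submit a wrong password for each candidate and group by
    the failure message. If more than one distinct message comes back, the
    rarer group is the set of usernames that exist."""
    by_msg: dict[str, set[str]] = {}
    for user in candidates:
        _, msg = login_fn(user, probe)
        by_msg.setdefault(msg, set()).add(user)
    if len(by_msg) < 2:
        return set()
    return min(by_msg.values(), key=len)
```

Running enumerate_users against login_leaky with the candidates alice, bob and carol singles out alice; against login_hardened it learns nothing, because every failure returns GENERIC after the same amount of work. The hardened version also applies to password-reset and registration flows, which commonly leak the same information ("an email has been sent" for every address, whether or not it exists).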